| CVE ID | CVE-2008-2241 |
| CVSS SCORE | |
| AFFECTED VENDORS |
Computer Associates |
| AFFECTED PRODUCTS |
BrightStor ARCserve Server |
| TREND MICRO CUSTOMER PROTECTION | Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID ['4685']. For further product information on the TippingPoint IPS: http://www.tippingpoint.com |
| VULNERABILITY DETAILS |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates ARCserve Backup. Authentication is not required exploit this vulnerability. The specific flaw exists within the caloggerd log daemon during the processing of log messages that contain directory traversal modifiers. A lack of sanity checking on the provided path allows attackers to append arbitrary data to a file of their choosing and can easily result in a full system compromise. |
| ADDITIONAL DETAILS |
Computer Associates has issued an update to correct this vulnerability. More details can be found at:
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=176798 |
| DISCLOSURE TIMELINE |
|
| CREDIT | Damian Put |
